#include "pcap.h"
/*
 * Ethernet II frame header as it appears at the start of a captured frame.
 * The three fields add up to 14 bytes, which is the offset the IP and TCP
 * callbacks in this file use to skip the link layer.
 */
struct ether_header
{
u_int8_t ether_dhost[6]; /* destination MAC address */
u_int8_t ether_shost[6]; /* source MAC address */
u_int16_t ether_type; /* EtherType in network byte order; the callback converts it with ntohs() */
};
/*
 * Local declaration of the IPv4 address type that is passed to inet_ntoa().
 * NOTE(review): <netinet/in.h> normally declares both in_addr_t and
 * struct in_addr; if that header is reachable through pcap.h on the target
 * platform these definitions will clash - confirm before building.
 */
typedef u_int32_t in_addr_t;
struct in_addr
{
in_addr_t s_addr; /* 32-bit IPv4 address, kept exactly as read from the packet */
};
/*
 * Fixed part of an IPv4 header (20 bytes when laid out without padding).
 * IP options, if present, follow this structure and are not described here;
 * ip_header_length is the only field that tells how long the real header is.
 * The struct is overlaid directly on captured bytes, so every multi-byte
 * field is in network byte order and must go through ntohs()/ntohl().
 */
struct ip_header
{
/* Version and header length share one byte; the bit-field order is swapped
 * depending on WORDS_BIGENDIAN so each name lands on the right nibble. */
#ifdef WORDS_BIGENDIAN
u_int8_t ip_version:4;
u_int8_t ip_header_length:4;
#else
u_int8_t ip_header_length:4;
u_int8_t ip_version:4;
#endif
u_int8_t ip_tos; /* type of service */
u_int16_t ip_length; /* total datagram length */
u_int16_t ip_id; /* identification */
u_int16_t ip_off; /* flags plus fragment offset; the low 13 bits are the offset in 8-byte units */
u_int8_t ip_ttl; /* time to live */
u_int8_t ip_protocol; /* payload protocol number (the callback recognises 1, 6 and 17) */
u_int16_t ip_checksum; /* header checksum */
struct in_addr ip_source_address;
struct in_addr ip_destination_address;
};
/*
 * Fixed part of a TCP header (20 bytes when laid out without padding).
 * TCP options, if present, follow this structure. The struct is overlaid
 * directly on captured bytes, so multi-byte fields are in network byte order.
 */
struct tcp_header
{
u_int16_t tcp_source_port;
u_int16_t tcp_destination_port;
/* NOTE(review): despite its name this field sits at byte offset 4, which is
 * the TCP sequence number; the callback stores it in `sequence` and prints
 * it as "Sequence Number". */
u_int32_t tcp_acknowledgement;
u_int32_t tcp_ack; /* acknowledgement number */
/* Data offset and reserved bits share one byte; the bit-field order is
 * swapped depending on WORDS_BIGENDIAN. */
#ifdef WORDS_BIGENDIAN
u_int8_t tcp_offset:4;
u_int8_t tcp_reserved:4;
#else
u_int8_t tcp_reserved:4;
u_int8_t tcp_offset:4;
#endif
u_int8_t tcp_flags; /* control bits tested by the callback with masks 0x01..0x20 */
u_int16_t tcp_windows; /* window size */
u_int16_t tcp_checksum;
u_int16_t tcp_urgent_pointer;
};
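/*
 * Decode and print the TCP header of a captured Ethernet/IPv4 frame.
 *
 * argument       - user pointer passed through from pcap_loop(); unused.
 * packet_header  - pcap metadata; its caplen field bounds every read below.
 * packet_content - start of the captured frame (Ethernet header first).
 *
 * The frame comes straight off the wire, so nothing in it is trusted: the
 * IP header length is taken from the packet instead of being assumed to be
 * 20 bytes, and the TCP header is only dereferenced once caplen proves that
 * all of it was captured. Frames that fail a check are reported and skipped.
 */
void tcp_protocol_packet_callback(u_char *argument, const struct pcap_pkthdr *packet_header,
                                  const u_char *packet_content)
{
    const u_int ethernet_length = 14; /* size of struct ether_header */
    const u_int minimum_ip_length = 20; /* IPv4 header without options */
    const struct tcp_header *tcp_protocol;
    u_int ip_header_length;
    u_char flags;
    int header_length;
    u_short source_port;
    u_short destination_port;
    u_short windows;
    u_short urgent_pointer;
    u_int sequence;
    u_int acknowledgement;
    u_int16_t checksum;

    (void)argument;

    printf("-----------------------------Tcp protocol------------------\n");

    /* The first IP header byte must be present before its length nibble is read. */
    if (packet_header->caplen < ethernet_length + minimum_ip_length) {
        printf("truncated ip header, tcp header not decoded\n");
        return;
    }

    /* Low nibble of the first IP byte is the header length in 32-bit words;
     * reading the raw byte avoids depending on bit-field layout. */
    ip_header_length = (u_int)(packet_content[ethernet_length] & 0x0f) * 4;
    if (ip_header_length < minimum_ip_length) {
        printf("invalid ip header length, tcp header not decoded\n");
        return;
    }

    /* With IP options the TCP header starts later than offset 14+20. */
    if (packet_header->caplen < ethernet_length + ip_header_length + sizeof(struct tcp_header)) {
        printf("truncated tcp header, not decoded\n");
        return;
    }

    /* NOTE(review): the cast assumes the platform tolerates unaligned 16/32-bit loads. */
    tcp_protocol = (const struct tcp_header *)(packet_content + ethernet_length + ip_header_length);

    source_port = ntohs(tcp_protocol->tcp_source_port);
    destination_port = ntohs(tcp_protocol->tcp_destination_port);
    header_length = tcp_protocol->tcp_offset * 4;
    /* tcp_acknowledgement is the misnamed sequence-number field (byte offset 4). */
    sequence = ntohl(tcp_protocol->tcp_acknowledgement);
    acknowledgement = ntohl(tcp_protocol->tcp_ack);
    windows = ntohs(tcp_protocol->tcp_windows);
    urgent_pointer = ntohs(tcp_protocol->tcp_urgent_pointer);
    flags = tcp_protocol->tcp_flags;
    checksum = ntohs(tcp_protocol->tcp_checksum);

    printf("source port:%d\n", source_port);
    printf("destination port:%d\n", destination_port);

    /* Label a few well-known services by destination port only. */
    switch (destination_port) {
    case 80:
        printf("http protocol\n");
        break;
    case 21:
        printf("ftp protocol\n");
        break;
    case 23:
        printf("telnet protocol\n");
        break;
    case 25:
        printf("smtp protocol\n");
        break;
    case 110:
        printf("pop3 protocol\n");
        break;
    default:
        break;
    }

    printf("Sequence Number :%u\n", sequence);
    printf("Acknowledgement Number:%u\n", acknowledgement);
    printf("header Length:%d\n", header_length);
    printf("reserved :%d\n", tcp_protocol->tcp_reserved);

    printf("Flags:");
    if (flags & 0x08) {
        printf("PSH");
    }
    if (flags & 0x10) {
        printf("ACK");
    }
    if (flags & 0x02) {
        printf("SYN"); /* was printed as "SYS"; 0x02 is the SYN bit */
    }
    if (flags & 0x20) {
        printf("URG");
    }
    if (flags & 0x01) {
        printf("FIN");
    }
    if (flags & 0x04) {
        printf("RST");
    }
    printf("\n");

    printf("Windows size:%d\n", windows);
    printf("checksum:%d\n", checksum);
    printf("urgent pointer :%d\n", urgent_pointer);
}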
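/*
 * Decode and print the IPv4 header of a captured Ethernet frame, then hand
 * TCP payloads to tcp_protocol_packet_callback().
 *
 * argument       - user pointer passed through from pcap_loop().
 * packet_header  - pcap metadata; its caplen field bounds the header read.
 * packet_content - start of the captured frame (Ethernet header first).
 *
 * The header is only dereferenced once caplen shows that the whole fixed
 * part was captured. The transport layer is decoded only when the declared
 * header length is sane and the datagram is the first fragment, because
 * later fragments do not carry a TCP header.
 */
void ip_protocol_packet_callback(u_char *argument, const struct pcap_pkthdr *packet_header,
                                 const u_char *packet_content)
{
    const u_int ethernet_length = 14; /* size of struct ether_header */
    const struct ip_header *ip_protocol;
    u_int header_length;
    u_int offset;
    u_char tos;
    u_int16_t checksum;

    printf("-----------------------------------ip protocol--------------------\n");

    /* Captured bytes come from the network: never read past caplen. */
    if (packet_header->caplen < ethernet_length + sizeof(struct ip_header)) {
        printf("truncated ip header (%u bytes captured)\n", (u_int)packet_header->caplen);
        return;
    }

    /* NOTE(review): the cast assumes the platform tolerates unaligned 16/32-bit loads. */
    ip_protocol = (const struct ip_header *)(packet_content + ethernet_length);
    checksum = ntohs(ip_protocol->ip_checksum);
    header_length = ip_protocol->ip_header_length * 4; /* field counts 32-bit words */
    tos = ip_protocol->ip_tos;
    offset = ntohs(ip_protocol->ip_off);

    printf("ip version :%d\n", ip_protocol->ip_version);
    printf("header length:%d\n", header_length);
    printf("tos :%d\n", tos);
    printf("total length :%d\n", ntohs(ip_protocol->ip_length));
    printf("identification :%d\n", ntohs(ip_protocol->ip_id));
    /* Low 13 bits are the fragment offset in 8-byte units. */
    printf("offset:%d\n", (offset & 0x1fff) * 8);
    printf("ttl:%d\n", ip_protocol->ip_ttl);
    printf("protocol:%d\n", ip_protocol->ip_protocol);

    switch (ip_protocol->ip_protocol) {
    case 6:
        printf("the transport layer protocol is Tcp\n");
        break;
    case 17:
        printf("the transport layer protocol is Udp\n");
        break;
    case 1:
        printf("the transprot layer protocol is Icmp\n");
        break;
    default:
        break;
    }

    printf("header checksum:%d\n", checksum);
    /* inet_ntoa() reuses one static buffer, so each address gets its own printf. */
    printf("source address :%s\n", inet_ntoa(ip_protocol->ip_source_address));
    printf("destination address :%s\n", inet_ntoa(ip_protocol->ip_destination_address));

    /* A header shorter than the fixed 20 bytes is malformed; do not use it
     * to locate the transport header. */
    if (header_length < sizeof(struct ip_header)) {
        printf("invalid ip header length, transport layer not decoded\n");
        return;
    }

    /* Only the first fragment starts with a transport header. */
    if ((offset & 0x1fff) != 0) {
        printf("non-first fragment, transport layer not decoded\n");
        return;
    }

    switch (ip_protocol->ip_protocol) {
    case 6:
        tcp_protocol_packet_callback(argument, packet_header, packet_content);
        break;
    default:
        break;
    }
}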
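/*
 * pcap_loop() handler: print the Ethernet header of each captured frame and
 * pass IPv4 frames on to ip_protocol_packet_callback().
 *
 * argument       - user pointer supplied to pcap_loop(); forwarded unchanged.
 * packet_header  - pcap metadata; its caplen field bounds the header read.
 * packet_content - start of the captured frame.
 *
 * A running packet counter is kept in a function-local static, so the
 * handler is not reentrant. Frames shorter than an Ethernet header are
 * reported and counted but not decoded.
 */
void ethernet_protocol_packet_callback(u_char *argument, const struct pcap_pkthdr *packet_header,
                                       const u_char *packet_content)
{
    u_short ethernet_type;
    const struct ether_header *ethernet_protocol;
    const u_char *mac_string;
    static int packet_number = 1;

    printf("*************************************************************************\n");
    printf(" the %d TCP packet is captured \n", packet_number);
    printf("------------------------------eternet protocol--------------------------\n");

    /* Captured bytes come from the network: never read past caplen. */
    if (packet_header->caplen < sizeof(struct ether_header)) {
        printf("truncated ethernet frame (%u bytes captured)\n", (u_int)packet_header->caplen);
        printf("********************************************************************\n");
        packet_number++;
        return;
    }

    ethernet_protocol = (const struct ether_header *)packet_content;

    printf("ethernet type is:\n");
    ethernet_type = ntohs(ethernet_protocol->ether_type);
    printf("%04x\n", ethernet_type);
    switch (ethernet_type) {
    case 0x0800:
        printf("the network layer is ip protocol\n");
        break;
    case 0x0806:
        printf("the network layer is arp protocol\n");
        break;
    case 0x8035:
        printf("the network layer is rarp protocol\n");
        break;
    default:
        break;
    }

    printf("mac source address is:\n");
    mac_string = ethernet_protocol->ether_shost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", mac_string[0], mac_string[1], mac_string[2],
           mac_string[3], mac_string[4], mac_string[5]);

    printf("mac destination address is :\n");
    mac_string = ethernet_protocol->ether_dhost;
    printf("%02x:%02x:%02x:%02x:%02x:%02x\n", mac_string[0], mac_string[1], mac_string[2],
           mac_string[3], mac_string[4], mac_string[5]);

    /* Only IPv4 is decoded further. */
    switch (ethernet_type) {
    case 0x0800:
        ip_protocol_packet_callback(argument, packet_header, packet_content);
        break;
    default:
        break;
    }

    printf("********************************************************************\n");
    packet_number++;
}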
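/*
 * Open the default capture device in promiscuous mode, install a "tcp" BPF
 * filter and print every matching frame until pcap_loop() stops.
 *
 * Every libpcap call is checked: a failed device lookup or open would
 * otherwise pass a NULL handle on to the next call. Returns 0 when the
 * capture loop ends normally and 1 on any setup or capture error.
 */
int main()
{
    pcap_t *pcap_handle;
    char error_content[PCAP_ERRBUF_SIZE];
    char *net_interface;
    struct bpf_program bpf_filter;
    char bpf_filter_string[] = "tcp";
    bpf_u_int32 net_mask;
    bpf_u_int32 net_ip;
    int status = 1;

    /* NOTE(review): pcap_lookupdev() is deprecated in current libpcap;
     * pcap_findalldevs() is the replacement. */
    net_interface = pcap_lookupdev(error_content);
    if (net_interface == NULL) {
        fprintf(stderr, "pcap_lookupdev: %s\n", error_content);
        return 1;
    }

    /* The netmask is only needed by the filter compiler; fall back to 0
     * when the interface has no IPv4 configuration. */
    if (pcap_lookupnet(net_interface, &net_ip, &net_mask, error_content) == -1) {
        fprintf(stderr, "pcap_lookupnet: %s\n", error_content);
        net_ip = 0;
        net_mask = 0;
    }

    /* snaplen 20480, promiscuous mode on, read timeout 0. */
    pcap_handle = pcap_open_live(net_interface, 20480, 1, 0, error_content);
    if (pcap_handle == NULL) {
        fprintf(stderr, "pcap_open_live: %s\n", error_content);
        return 1;
    }

    /* The callbacks assume a 14-byte Ethernet header in front of each packet. */
    if (pcap_datalink(pcap_handle) != DLT_EN10MB) {
        fprintf(stderr, "%s is not an Ethernet device\n", net_interface);
        goto out_close;
    }

    /* The last argument of pcap_compile() is the netmask, not the network address. */
    if (pcap_compile(pcap_handle, &bpf_filter, bpf_filter_string, 0, net_mask) == -1) {
        fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(pcap_handle));
        goto out_close;
    }

    if (pcap_setfilter(pcap_handle, &bpf_filter) == -1) {
        fprintf(stderr, "pcap_setfilter: %s\n", pcap_geterr(pcap_handle));
        pcap_freecode(&bpf_filter);
        goto out_close;
    }
    /* The compiled program is copied by pcap_setfilter() and can be released. */
    pcap_freecode(&bpf_filter);

    if (pcap_loop(pcap_handle, -1, ethernet_protocol_packet_callback, NULL) == -1) {
        fprintf(stderr, "pcap_loop: %s\n", pcap_geterr(pcap_handle));
        goto out_close;
    }
    status = 0;

out_close:
    pcap_close(pcap_handle);
    return status;
}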